<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">

<html><head><title>Understanding Authentication - Bonfire</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/prettify.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="ContentPage" onLoad="NDOnLoad();prettyPrint();"><script language=JavaScript><!--
if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>

<!--  Generated by Natural Docs, version 1.5 -->
<!--  http://www.naturaldocs.org  -->

<!-- saved from url=(0026)http://www.naturaldocs.org -->




<div id=Content><div class="CSection"><div class=CTopic id=MainTopic><h1 class=CTitle><a name="Understanding_Authentication"></a>Understanding Authentication</h1><div class=CBody><p>Because security is such a crucial concern with any web application, this document will step you through how authentication works in Bonfire, to make it easy for you to determine if it meets the security needs of your application.&nbsp; While the security provided should be adequate for most applications, some may require additional security to meet their unique requirements.&nbsp; If you find a need for additional security (or just find a flaw in the current authentication) please let us know.&nbsp; If you improve the security of the code, please send us a pull request on <a href="http://github.com/lonnieezell/bonfire" class=LURL target=_top>GitHub</a>.</p><!--START_ND_SUMMARY--><div class=Summary><div class=STitle>Summary</div><div class=SBorder><table border=0 cellspacing=0 cellpadding=0 class=STable><tr class="SMain"><td class=SEntry><a href="#Understanding_Authentication" >Understanding Authentication</a></td><td class=SDescription>Because security is such a crucial concern with any web application, this document will step you through how authentication works in Bonfire, to make it easy for you to determine if it meets the security needs of your application. </td></tr><tr class="SGeneric SIndent1 SMarked"><td class=SEntry><a href="#Autologin" >Autologin</a></td><td class=SDescription>Whenever the Auth library is first loaded, it will run the <b>autologin()</b> method to see if the user has been remembered on the site.</td></tr></table></div></div><!--END_ND_SUMMARY--></div></div></div>

<div class="CGeneric"><div class=CTopic><h3 class=CTitle><a name="Autologin"></a>Autologin</h3><div class=CBody><p>Whenever the Auth library is first loaded, it will run the <b>autologin()</b> method to see if the user has been remembered on the site.</p><p>Autologin uses the best practice as set out in <a href="http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/" class=LURL target=_top>http://fishbowl.pastiche.org<wbr>/2004<wbr>/01<wbr>/19<wbr>/persistent_login_cookie_best_practice<wbr>/</a> and creates a unique token based on a SHA1 hash of the user_id joined with a 128-character random string.&nbsp; This token is only valid for the current session.</p><ul><li>If the system is set to NOT allow users to be remembered, the script is exited.</li><li>The <b>autologin</b> cookie is retrieved, if it exists.&nbsp; If it doesn&rsquo;t exist, the method is exited.</li><li>The cookie is split into its two parts, the user_id and the token that was previously generated.</li><li>We try to pull a match from the <b>user_cookies</b> table against the <u>user id</u> and <u>token</u>.&nbsp; If no match is found, the script exits.</li><li>If a user is found, we check to see if there is a current session for this user.&nbsp; If there is, then we&rsquo;re good to go, and the <b>logged_in</b> class variable is set to true.&nbsp; We&rsquo;re done here.</li><li>If no session exists, we create a new one for the user, regenerate our autologin information, set up our new cookie, and go on our way.</li></ul><p><b>This document is still under construction.</b></p></div></div></div>
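<p>The autologin steps listed above, as an added example that is not Bonfire&rsquo;s own Auth code. The in-memory <b>$store</b> array stands in for the <b>user_cookies</b> table; the function names, the &ldquo;~&rdquo; cookie delimiter, the use of <b>random_bytes()</b> for the random string and the constant-time <b>hash_equals()</b> comparison are assumptions of this sketch.</p>

```php
<?php
// Added illustration; not Bonfire's Auth library. $store is a hypothetical
// stand-in for the user_cookies table; the "~" delimiter is an assumption.

function new_token(int $user_id): string {
    // SHA1 of the user_id joined with a 128-character random string
    // (64 CSPRNG bytes rendered as hex).
    return sha1($user_id . bin2hex(random_bytes(64)));
}

function remember_user(int $user_id, array &$store): string {
    $token = new_token($user_id);
    $store[] = ['user_id' => $user_id, 'token' => $token];
    return $user_id . '~' . $token;               // value for the autologin cookie
}

// Returns [logged_in, replacement cookie value or null].
function autologin(?string $cookie, array &$store, array &$session, bool $allow_remember): array {
    if (!$allow_remember || $cookie === null) {
        return [false, null];                     // remembering disabled, or no cookie
    }
    $parts = explode('~', $cookie, 2);            // split into user_id and token
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return [false, null];                     // malformed cookie: treat as absent
    }
    [$user_id, $token] = [(int) $parts[0], $parts[1]];
    foreach ($store as $i => $row) {
        // hash_equals() keeps the token comparison constant-time.
        if ($row['user_id'] === $user_id && hash_equals($row['token'], $token)) {
            if (($session['user_id'] ?? null) === $user_id) {
                return [true, null];              // current session exists: done
            }
            unset($store[$i]);                    // presented token is replaced, not reused
            $session['user_id'] = $user_id;       // create the new session
            return [true, remember_user($user_id, $store)];
        }
    }
    return [false, null];                         // no user_id/token match
}

// Constructed walk-through: remember a user, log in from the cookie,
// then present the rotated-out cookie and the replacement cookie.
$store = []; $session = [];
$cookie = remember_user(42, $store);
[$ok, $next] = autologin($cookie, $store, $session, true);
var_dump($ok, $next !== $cookie);
$session = [];                                    // the browser session has ended
[$replayed] = autologin($cookie, $store, $session, true);
var_dump($replayed);
[$fresh] = autologin($next, $store, $session, true);
var_dump($fresh);
```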

</div><!--Content-->






<script language=JavaScript><!--
if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>